enable_disable_ip_restriction
This command allows you to specify one or more IP addresses for which you can restrict access by user type (SSH, GUI, or ALL).
When IP restriction is enabled, users can log into Guardium® only if they log in from an address that is on the alllowlist.
Warning: Always assign one or more IP addresses to the allowlist from which you can
access Guardium. If
you restrict access to all IP addresses available to users, you will permanently lock all of your
users (and yourself) out of Guardium.
This API is available in Guardium V11.4 and later.
REST API syntax
This API is available as a REST service with the
POST
method. Call this API as follows:
POST https://[Guardium hostname or IP address]:8443/restAPI/ip_restriction
GuardAPI syntax
enable_disable_ip_restriction parameter=value
Parameters
Parameter | Value type | Description |
---|---|---|
allowlist | String | A comma-separated list of IP addresses for which you want to allow (or restrict) access. |
enable | Boolean | Required. Specify whether logins are restriced to the IP addresses that are specified in the
allowlist. Valid values:
Default = 1 (true) |
type | String | Required. Specify whether to restrict access to the CLI (SSH), the GUI, or both (ALL) for the
IP addresses in the allowlist. Valid values:
Note: You can run this command multiple times to create allowlists for different login
types.
|
api_target_host | String |
Specifies the target hosts where the API executes. Valid values:
IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode. |